Issued:: 2020-02-25
Updated:: 2020-02-25

RHSA-2020:0588 - Security Advisory

Overview
Updated Packages

Synopsis

Important: CloudForms 5.0.3 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for CloudForms Management Engine 5.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

CloudForms: RCE vulnerability in NFS schedule backup (CVE-2019-14894)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update. After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

Red Hat CloudForms 5.11 x86_64

Fixes

BZ - 1769411 - CVE-2019-14894 CloudForms: RCE vulnerability in NFS schedule backup

CVEs

CVE-2019-14894

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat CloudForms 5.11

SRPM
cfme-5.11.3.1-1.el8cf.src.rpm	SHA-256: fe86d846ab49af316f31b15620cde0981c62983a03d7ddec4af47967bc88b327
cfme-amazon-smartstate-5.11.3.1-1.el8cf.src.rpm	SHA-256: aba68e1ef7881ce787878e01e3e8ff268050c8d63b4f0d4f89b8e35385766655
cfme-appliance-5.11.3.1-1.el8cf.src.rpm	SHA-256: 31d4f7fc681343f25560fe6f84ca63195a1f6487e5c6c5bd22f24fcc509aa32f
cfme-gemset-5.11.3.1-1.el8cf.src.rpm	SHA-256: 0f33715c945c4ff30f60232ed61100c820bf92c239ce70821c4ea5412aed667d
x86_64
cfme-5.11.3.1-1.el8cf.x86_64.rpm	SHA-256: 4b53287dbf2932f74b9e9ee70eeb995bc583910e3bb2259a647f3cec2aac6143
cfme-amazon-smartstate-5.11.3.1-1.el8cf.x86_64.rpm	SHA-256: d4934f17db3c907642640ecd80bdc353ffece4a61a74b3731bc38d8d24607bb5
cfme-appliance-5.11.3.1-1.el8cf.x86_64.rpm	SHA-256: dd4cd8ab201b990e4d4589fe9322745ad361fd01aa4da3afd160be4298e438a4
cfme-appliance-common-5.11.3.1-1.el8cf.x86_64.rpm	SHA-256: b10e93e16d22120ca4616cb066c86b03c24bf34db61e28e701eeffa98dbfc266
cfme-appliance-tools-5.11.3.1-1.el8cf.x86_64.rpm	SHA-256: fa1baa4534748278ef21018fa2f8c507d047c1352b53937ccaa5608817d609b4
cfme-gemset-5.11.3.1-1.el8cf.x86_64.rpm	SHA-256: 118748510c91156562bf39e5419113f67f266f76551f53e61dd8d35520e82938

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation